diff --git a/profiles/discourse.nix b/profiles/discourse.nix
index 2bf016d..c2d02cd 100644
--- a/profiles/discourse.nix
+++ b/profiles/discourse.nix
@@ -1,8 +1,27 @@
-{ config, lib, pkgs, ... }: {
- age.secrets.discourse-key-base = {
- file = ../secrets/discourse-key-base.age;
- owner = "discourse";
- group = "discourse";
+{ config, lib, pkgs, ... }:
+let
+ discourse-shared-edits = pkgs.discourse.mkDiscoursePlugin {
+ name = "discourse-shared-edits";
+ src = pkgs.fetchFromGitHub {
+ owner = "discourse";
+ repo = "discourse-shared-edits";
+ rev = "586d7c18d331e6430f696c2b5b57363a1ee07736";
+ sha256 = "sha256-1CrUQvVL7utrzYv4onh48JUYp6GaDSzo+HdxhwpMqxU=";
+ };
+ };
+in
+{
+ age.secrets = {
+ discourse-key-base = {
+ file = ../secrets/discourse-key-base.age;
+ owner = "discourse";
+ group = "discourse";
+ };
+ discourse-mail-password = {
+ file = ../secrets/discourse-mail-password.age;
+ owner = "discourse";
+ group = "discourse";
+ };
 };
 services.postgresql.package = pkgs.postgresql_13;
@@ -11,8 +30,26 @@
 enable = true;
 hostname = "forum.federez.net";
 secretKeyBaseFile = config.age.secrets.discourse-key-base.path;
- # TODO(jeltz): mail
+ mail = {
+ outgoing = {
+ serverAddress = "dodecagon.federez.net";
+ port = 465;
+ domain = "federez.net";
+ username = "discourse";
+ authentication = "plain";
+ forceTLS = true;
+ passwordFile = config.age.secrets.discourse-mail-password.path;
+ };
+ notificationEmailAddress = "forum@federez.net";
+ };
 admin.skipCreate = true;
+ plugins = with config.services.discourse.package.plugins; [
+ discourse-calendar
+ discourse-math
+ discourse-shared-edits
+ discourse-solved
+ discourse-voting
+ ];
 };
 networking.firewall.allowedTCPPorts = [ 80 443 ];
diff --git a/secrets/discourse-admin.age b/secrets/discourse-admin.age
new file mode 100644
index 0000000..7438cd5
Binary files /dev/null and b/secrets/discourse-admin.age differ
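Review bot: The `discourse-shared-edits` derivation in the `let` block is pinned to a bare commit hash with nothing recording which upstream branch or date it corresponds to, so a later reviewer cannot tell how stale the pin is or whether it still matches the packaged Discourse version. I would add a comment above `rev`, for example `# discourse-shared-edits main as of <date of pin>; bump together with pkgs.discourse`. The SRI string is also passed as `sha256 = "sha256-…"`; `hash = "sha256-…";` is the attribute intended for SRI values and reads less ambiguously. Keeping both the revision and the content hash fixed is the right shape for a plugin that is loaded into the Discourse process.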
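Review bot: In the `mail.outgoing` block, `authentication = "plain"` sends the SMTP password unobscured inside the TLS session, so its confidentiality rests on `forceTLS = true` and on certificate verification, which this block leaves to the module default. I would pin that explicitly with `opensslVerifyMode = "peer";` and add a comment such as `# PLAIN auth: keep forceTLS and peer verification enabled`. In the `plugins` list, `discourse-shared-edits` resolves to the `let` binding rather than to `package.plugins`, because lexical bindings take precedence over `with`; a short comment like `# locally pinned, see let block` would make that visible. The enclosing `services.discourse` attribute set opens outside this hunk.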
diff --git a/secrets/discourse-mail-password.age b/secrets/discourse-mail-password.age new file mode 100644 index 0000000..0810826 --- /dev/null +++ b/secrets/discourse-mail-password.age @@ -0,0 +1,32 @@ +age-encryption.org/v1 +-> ssh-ed25519 oDAQrw +aORlGGz/jqX0t4opGM5vMTgBKtAdL/z1KxfA4C43To +MNbp/PaSnpvyfZtmWWD6HYG3yHh2uWoXDY8V1Ft7+ac +-> ssh-rsa krWCLQ +2Px6I6WuRr10mMWlcUCAbnm6dyQa2hklmnwXtNPWXmKNPzHC6CGoye5dnOvkNKGN +5ekf2mK2ywzE2FQFVYOtY3Ss/60I4OTXmxNJ3qrCAU2z+f+53nAegguc3tB4Xvh8 +tQVQICaX1oVU/PD2SFX8QcTBORF2+Vc0Nd6fbuGl3dhSeESg7JLj5oaBCsthZD2J +U1ehTDS/+t6nogt1BdNZK10yFXRGk44jDMADMvvUPkIEW7mbvTFfMtXNhbemOn+X +oIXt8DNwzn3tF1IdOJ+vjtcU3gqYQYZVFKJV1DtQSA7i46Dl0J0+12+8/zKMX+yu +NKcaa/L1tz0lPX6ZeXhoOg +-> ssh-ed25519 /vwQcQ QoEbQ1IA4EKR97Fqa/NQN9RDUEubeZbvxMcd0ZFhwyU +OAFrGGXCxDFcsalinhG3JcXUj+RJawl6UnSgZkBwBrk +-> ssh-ed25519 0R97PA VkKhx5oVdrFjjSXwreIiGnH0nZEqY5Ls4OSpgpDn0jI +FC9SN+Woh6QBWV5r5TjtjFSp8mqw3LxgFJCQPjD8oss +-> ssh-rsa jL+Elw +UGQRNdtkdNbRVcoimpZsgBAGp95mtHwJ8V4CwlL82GqdIGM3LQDrCtPgFTC1C4Zx +lrgVaT/xi4WhRkkHCd0ZTzJ5i9NY9H/gnDaXKeKcTcQezH1yeMBLns92D2z7u0+1 +DyTzu8ZzZLvaej2b7gLU6u2BMC10AnBYP0LFuZlE3ndnr7ro9flKPb5A+IRbX339 +xkNlIOsTBdSfJJ27LKZVIOUS2Pxg1Kos9Wtbg1QsgeikdrA++QD0GhrRd+X4sFrf +Xfjq12XDakCfLmvi9QLJ2hy4X1glCO1lsBocDEaa2dGQMa2yVQi72z/92w83g98C +UO25VkpKwdGFBf8PfhKeEkdSQEJUNOe3mlTEvtpr5S3BM+//fSFHlaS1UMEeamC2 +OrcvTwdby9f4l0++9dEuPcgQYvMzbUndwFn2HI7a8fGSIF6iXeVdrl5zuR3Wgugr +ksMiQ6IyItrv/XlR5945dTxragWIwDeNJFE5EEYU3F7ryhT1FMKUWlt3lDazVuuj +PoLjUnXNhi7I+3XZ22e5P2BW7UmMbsPg3M9l+u+1U1vk/o28cZxrWV6VW4MB1Aiv +TXFXZSl123ag32PdKZ/dV7p4VC4hXEqyLA7qIrE9rFduEI5WQHqd1iL/pGxEOnuM +AOe/acgmB1hhVLCAwCCpERWyC1+Bn7UWRjrPKCLfqFc +-> ssh-ed25519 jIXfPA NaF9Sg7UkShfSzE59iFwKF4WMsc0xtAejl+20EQBNzc +4CJqeGTxwcG0ObXeWATVKQkqlyaKZEaHFfGBOc6Xpok +-> ssh-ed25519 um7xWA rlZ0xF57VNq1KHijaV9csD+Sq6cfp5DM9k1uuVOhLyY +7uYk1RIET7bkdXTHJdocqOiEtc6vqY4iOBB4cMJ7CyQ +--- FiH1HnZbKHvI9kclq8TrOFlQN6hvNd9M0mxdqjYM5gw + kj p [tϖU9dcڗNE#c|ۃ䋷`GWMy v$d \ No newline at end of file 
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index ea4fc61..7dab0dc 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -28,4 +28,5 @@ in
 "keycloak-password-file.age".publicKeys = [ lagon ] ++ keycloak-admins;
 "ldap-bind-password.age".publicKeys = servers ++ ldap-bind-admins;
 "discourse-key-base.age".publicKeys = [ pendragon ] ++ discourse-admins;
+ "discourse-mail-password.age".publicKeys = [ pendragon ] ++ discourse-admins;
 }
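Review bot: The only rule added here is for `discourse-mail-password.age`, yet the same commit also adds `secrets/discourse-admin.age`, and nothing in `profiles/discourse.nix` references that secret (the profile sets `admin.skipCreate = true`). If no `"discourse-admin.age".publicKeys` rule exists in the part of this file outside the hunk, the recipient set of that file is recorded nowhere and it cannot be re-keyed through the normal agenix workflow. Either add a rule for it, along the lines of `"discourse-admin.age".publicKeys = [ pendragon ] ++ discourse-admins;` with whatever recipients are actually intended, or drop the unused encrypted file from the commit so the repository carries no secret that is not needed.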